The Russians Are Coming. Oh Snap, They’re Already Here

I have been and intend to continue to be cautious about remarks regarding the election and the possibility that a foreign state actor meddled, namely Russia. I have had the privilege to serve in a voluntary advisory capacity on election technology security to the Department of Homeland Security and members of Congress. And I deeply respect my obligation of confidence.

However, what becomes public is fair game to comment on—especially as it may advance our nonprofit mission. Many of us witnessed the breaking story over the weekend about the decision by both the President and the Congress (in a rare bipartisan fashion) to finally take the matter seriously and perform the imperative deep forensic investigation required to get to the bottom of how and to what extent the most vital aspect of the administration of our democracy was compromised or meddled in by the Russian government or any foreign state actor.

The core of the matter for the OSET Institute is not about how Russia executed a carefully designed mission that involved hacking into mail servers and weaponizing social media (although I discuss that below.) Our charter and charge is to increase confidence in elections and their outcomes by increasing integrity, lowering cost, and improving usability of election technology.

The simplest way to put an end to the threat of foreign state interference in our elections is to replace the deteriorating voting infrastructure that 43 States must figure out how to update by 2020, and ideally portions of it by 2018. We have been developing a solution for years, and with engineering complete, it just needs to be finished. I’ll close with a comment about that. First, back to the story at hand.

A Local Look From Abroad

I have a good friend who I collaborate with on my hobby of woodworking. He is a master craftsman; a Ukrainian with a large extended family in Eastern Europe including Russia and the Ukraine. Some of his relatives are also master craftsman, but not at cabinetry. Software. They’re masters of software development who work on contract for all kinds of well-paying clients throughout Eastern Europe and Asia. They have excellent listening skills and a great awareness for several things on both sides of the Web. But for the executive orders preventing payments to residents in Ukraine, the TrustTheVote Project would definitely hire them; like a senior developer we had on our team before the Crimea incident, they truly are high caliber, highly productive software developers. But at least I can learn indirectly from them through my friend’s family about what they hear. And the view from over there of our recent election cycle here, is disturbing.

Let me share some things shared with me, now that I can speak about them in the form of recounting an overheard and substantiated strategy for Russian government interference.

A Focused Foreign Mission

Step 1. Polarize the Issue. The issue of cyber-security is top of mind given all the poking, prodding, and penetrating of election-related systems this year. The Russians had a very clear objective in order to carry out their larger mission: make cyber-security—especially with regard to the election—a partisan issue, not an American issue. How to do that?

They achieved that by attacking and compromising the minority political party’s digital infrastructure, in this case the Democrats. Attacking both parties would’ve resulted in the unified wrath of American force in response. By attacking the minority, however, the issue could be made partisan. The minority party has no ability to enforce investigations, conduct hearings, or sanction response. So, all the minority party can do is raise the issue, for which the majority party would simply call it a "partisan whine." Step 1 would be (and was) achieved: make cyber-security a political, not an American issue. And having the President-elect (potentially) unwittingly complicit by siding with the Russians sealed the effort.

Step 2. Weaponize Social Media. The next step in the Russian plan was to execute a 20th century style propaganda war, powered by 21st century digital social media. This digital age propaganda war involved pumping fake news and methods of churning its circulation directed primarily at the GOP and the emerging Populist movement. This created a substantial reality distortion field, again legitimized by a potentially unwittingly complicit campaign machine. Fake news became real news churned into reality, while the Democrats stood looking like hapless whiners and eventually, sore losers.

Step 3. Case the Joint. Against the backdrop of those two steps of distraction, the systematic poking, prodding, and penetrating of American electoral administration systems expanded unchecked. Publicly, this initially involved a couple of voter registration systems, but that soon grew to a dozen and then two-dozen. What didn’t become public (and I cannot comment in detail) was how many other machines of election administration might have also been poked, prodded, and potentially penetrated. You can take it as fact that Russian miscreants likely cataloged a number of machines, and far more than just online voter registration systems.

Step 4. Work Under Cover of Distractions. Here is where I run up against boundaries of disclosures. But let me offer the following. Like our CTO, I might find it too sensational to believe that any voting systems were successfully compromised. I might. But I also know (as does he) that while voting systems are not connected to the Internet, certain PCs with election administration Apps resident, were in fact at one point connected to the Internet for their otherwise ordinary course of work activities. And by the time the call went out to disconnect anything, the damage was likely already done—probably far earlier last spring.

With regard to this last step, what do we know in fact? Not enough yet; and be prepared the public may never know much more. But, I offer this: the review now being ordered, and the bipartisan investigation now being called-for must be willing to dive deep into a thorough digital forensic audit. Can this be done in time before the Electoral College convenes? To be thorough, not a chance.

For our concern at the OSET Institute, that is not our agenda or concern, and we believe that trying to do anything in time for the Electoral College to consider should not be the focus. The focus must be on as much learning as possible about all aspects of our administration of democracy and how it may be, or might have been, or in fact, was compromised.

More specifically, the focus must be particularly acute on the state of our deteriorating election technology infrastructure. We don’t call it an infrastructure because all of it is tightly integrated, let alone interconnected. Several of America’s infrastructure assets are highly distributed and diffuse, but taken as a whole the sum of the parts still amounts to an infrastructure. The same is true of our elections technology nationwide. All of these separate parts sum into a collective infrastructure. And it must stop being a backwater of Government I.T.

Finally, An Equally Focused Response

So, while we’re finally seeing some weakening of the partisanship over cyber security, the President-elect (PEOTUS) has pushed back on all of this, with his typical tweet-wars, and interviews this weekend on cable news, including a very rare rebuke of the very intelligence services he must work with once in office next month. I leave it to the reader to ponder why PEOTUS is being so defensive (seemingly on behalf of Russia) on the potential for Russian election meddling. But I would recommend an “eyes wide open” intellectually honest consideration as this unfolds.

Meanwhile, in an equally rare response, intelligence officials pushed back Sunday for the first time against PEOTUS criticism, delivering a rare rebuttal against an American elected official.

“It’s concerning that intelligence on Russian actions related to the U.S. election is being dismissed out of hand as false or politically partisan,” a U.S. intelligence official said in a written statement. “The inclination to ignore such intelligence and impugn the integrity of U.S. intelligence officials is contrary to all that is sacred to national-security professionals who work day and night to protect this country.”

Again, as I mentioned above in Russia’s first step of their mission, one of the reasons why the Russians have been so phenomenally successful in this active measures campaign is that A] they managed to politicize cyber-security, and B] there has been this highly improbable presidential election in the United States where one of the candidates was willing to deny Russian government involvement for them.

The bipartisan call for an investigation ensued from Senators John McCain and Lindsey Graham, both frequent Trump critics, and was joined by Oklahoma Sen. James Lankford, a Republican member of the Senate Select Intelligence Committee, who tweeted this weekend, “Cyber-security investigation of Russian interference can’t be partisan.”

What Can Be Done?

Weaponized social media, fake news, reality distortion fields, and poorly maintained web servers of campaigns and political parties are a persistent, thorny problem that will require separate attention. There may always be that phenomenon, although I observe that the reality distortion fields fueled by politically motivated fake news is a very serious challenge for the preservation of our democracy. All of that is above our pay grade and out of our focus.

Let’s talk about our focus and a simple solution to a large part of this problem.

Regardless of social media and partisanship, one problem that is not a political challenge but an American challenge is our aging and now failing voting infrastructure and the near desperate need to update and upgrade the equipment America relies on to cast and count our ballots.

This is the most important message to share:

The OSET Institute’s TrustTheVote Project has the solution. It’s called ElectOS. It's a 21st century election operating system -- of, by, and for the people, publicly available from the Silicon Valley.

ElectOS will be for voting systems what Android is for mobile computing.

ElectOS will make possible voting systems that are more verifiable, accurate, secure, and transparent.

ElectOS will make possible evidenced-based election systems that are fully audit-ready.

ElectOS will put an end to charges of tampering, rigging, and illegitimacy.

ElectOS will restore confidence in elections and their outcomes.

The TrustTheVote Project needs 18-months and requires an additional half dozen full-time engineers, working their tails off to finish it in time for at least 12 states to adopt, adapt and deploy. And ElectOS can solve for all 43 states that must replace their systems before 2020.

If just 17% of all the newly registered voters this past election cycle -- a few hundred thousand citizens nationwide -- make a one-time tax deductible $30 this work can be finished in time. That's way more impact that a non-tax deductible campaign donation. Imagine that: an election infrastructure of, by, and for the people that's verifiable, accurate, secure, and transparent. Now that's impact investing for social good.

Back to the Main Thing

While the investigations into the Russian omnipresence in our electoral process will continue, regardless of their outcome, the fact remains that our voting infrastructure must be replaced so that the vulnerabilities that exist today can be eliminated.

Consider this: the most disturbing notion shared by my friend’s relatives along the Russian front is that there is hope over there that nothing here will change; that the status quo of our vulnerable election infrastructure will remain. They know the weak points, and they understand what it takes to manipulate the system.

You see the Russians are not coming; they’re already here. They are likely now the ghost in the machinery of elections administration.

And per my friend's relative's comment, the worst possible thing that could happen for the Russian government would be for America to update and upgrade its electoral infrastructure.

And God help the Russian government if American cyber-security and protecting its democracy infrastructure become a patriotic cause rather than a political football.